Ask Your Question
0

what's role for service user on keystone?

asked 2017-07-05 03:22:22 -0500

Hi, I have a question about keystone. In keystone tutorial, if other services(glance, nova..) was added into keystone, keystone add service user having same service name. Then, assigned admin role in service project. What's role for this service user?

I think that admin or demo user need to know service endpoint, but don't need service user. Thx!

edit retag flag offensive close merge delete

Comments

did you read the help text from: keystone-manage bootstrap --help ? The keystone user and its role are passed as parameters to this command.

mlschuler gravatar imagemlschuler ( 2017-07-06 09:43:46 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-07-06 23:07:27 -0500

The various parts of an OpenStack cloud (Nova, Glance, ...) communicate with each other via API. To use each other's APIs, they need to authenticate with keystone. For authentication, they need an identity - user, password, project, domain. By convention, the domain is Default, the project is service, the user is the name of the OpenStack component.

They need the admin role to do things a normal user can't, in particular accessing other users' resources.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-07-05 03:22:22 -0500

Seen: 36 times

Last updated: Jul 06 '17